Activity Menu

Search form

Main navigation

Breadcrumb

Civil servant admits British police grabbing location data of thousands of innocent people

Friday, July 13, 2012

In the first public admission of its kind, the Home Office's Peter Hill admitted this week that the British government routinely sweeps up the identities of thousands of people in a given area - with a single request to a mobile phone network.

The statement was made during the first hearing of the Joint Committee on the Draft Communications Data Bill, at which Mr Hill (Head of Unit for Pursue Policy and Strategy Unit at the Home Office), Charles Farr (Director of the Office for Security and Counter-Terrorism) and Richard Alcock (Director of the Communications Capability Directorate) gave evidence to support the Home Office's latest legislative attempt to implement mass surveillance in the UK.

Your mobile phone needs to connects to one or more cell towers used by your network in order to function, and it will always seek the strongest signal. This means that if your phone is on and you have it with you, you can be located with a frightening degree of accuracy - in urban areas, sometimes to within a 50 metre radius. Your mobile phone company is required by the EU Data Retention Directive to keep records of every tower you connect to for a twelve-month period. What Peter Hill let slip was that the police can request not only targeted information about a certain individual, but also vast 'dumps' of information about a certain cell tower - potentially sweeping up the location data of hundreds or even thousands of people with a single request.

The legal situation surrounding the proper law enforcement access standard for location data has always been unclear. Access to “communications data”, including the location of mobile phones, has been regulated under Part I Chapter 2 of the Regulation of Investigatory Powers Act since it was brought into force in January 2004. In his 2010 Annual Report, the Interception of Communications Commissioner noted for the first time the total number of requests for communications data; public authorities made a total 552,550 requests. However, the report provides no breakdown of the types or purposes of requests, so it is impossible to tell whether a request is for access to a single individual's phone, or access to one or more cell towers within a given area. In the latter case, the authorities would be grabbing the location data of thousands of unwitting people, but the action would still show up in the IoCC report as a single request. It is therefore currently impossible to ascertain the degree and scope of surveillance by public authorities in the UK.

Information about how cell tower dumps are used by the police and security services and how this activity is regulated is also conspicuously absent from the public domain. There is no paper trail to audit and no published guidance explaining what safeguards are in place to protect against abuse of this powerful tool. In a democratic and informed society it is unacceptable that we have no idea how - and how often - the government accesses information that nearly all of us generate every day by simply carrying our mobile phone around with us. Greater transparency is clearly needed, and we can no longer rely on a single annual report by the IoCC for an accurate picture of surveillance in the UK. A public reporting requirement for telecommunications companies would be an essential first step to improve our understanding of what the state knows about where we are, and what it does with this information.

We are a small and fiercely independent charity that picks big fights with companies and governments that attack your privacy, dignity, and freedom. Our independence means we never accept funds from industry and governments that limit our ability to criticise those same institutions who abuse your privacy, dignity, and freedom.